<?php

[0] Fix | Delete

[1] Fix | Delete

/**

[2] Fix | Delete

* This class provides the functionality to encrypt

[3] Fix | Delete

* and decrypt access tokens stored by the application

[4] Fix | Delete

* @author Ben Tadiar <ben@handcraftedbyben.co.uk>

[5] Fix | Delete

* @link https://github.com/benthedesigner/dropbox

[6] Fix | Delete

* @package Dropbox\Oauth

[7] Fix | Delete

* @subpackage Storage

[8] Fix | Delete

*/

[9] Fix | Delete

[10] Fix | Delete

/* UpdraftPlus notes

[11] Fix | Delete

Using this was fairly pointless (it encrypts storage credentials at rest). But, it's implemented now, so needs supporting.

[12] Fix | Delete

Investigation shows that mcrypt and phpseclib native encryption using different padding schemes.

[13] Fix | Delete

As a result, that which is encrypted by phpseclib native can be decrypted by mcrypt, but not vice-versa. Each can (as you'd expect) decrypt the results of their own encryption.

[14] Fix | Delete

As a consequence, it makes sense to always encrypt with phpseclib native, and prefer decrypting with with mcrypt if it is available and otherwise fall back to phpseclib.

[15] Fix | Delete

We could deliberately re-encrypt all loaded information with phpseclib native, but there seems little need for that yet. There can only be a problem if mcrypt is disabled - which pre-July-2015 meant that Dropbox wouldn't work at all. Now, it will force a re-authorisation.

[16] Fix | Delete

*/

[17] Fix | Delete

[18] Fix | Delete

class Dropbox_Encrypter

[19] Fix | Delete

{

[20] Fix | Delete

// Encryption settings - default settings yield encryption to AES (256-bit) standard

[21] Fix | Delete

// @todo Provide PHPDOC for each class constant

[22] Fix | Delete

const KEY_SIZE = 32;

[23] Fix | Delete

const IV_SIZE = 16;

[24] Fix | Delete

[25] Fix | Delete

/**

[26] Fix | Delete

* Encryption key

[27] Fix | Delete

* @var null|string

[28] Fix | Delete

*/

[29] Fix | Delete

private $key = null;

[30] Fix | Delete

[31] Fix | Delete

/**

[32] Fix | Delete

* Check Mcrypt is loaded and set the encryption key

[33] Fix | Delete

* @param string $key

[34] Fix | Delete

* @return void

[35] Fix | Delete

*/

[36] Fix | Delete

public function __construct($key)

[37] Fix | Delete

{

[38] Fix | Delete

if (preg_match('/^[A-Za-z0-9]+$/', $key) && $length = strlen($key) === self::KEY_SIZE) {

[39] Fix | Delete

# Short-cut so that the mbstring extension is not required

[40] Fix | Delete

$this->key = $key;

[41] Fix | Delete

} elseif (($length = mb_strlen($key, '8bit')) !== self::KEY_SIZE) {

[42] Fix | Delete

throw new Dropbox_Exception('Expecting a ' . self::KEY_SIZE . ' byte key, got ' . $length);

[43] Fix | Delete

} else {

[44] Fix | Delete

// Set the encryption key

[45] Fix | Delete

$this->key = $key;

[46] Fix | Delete

}

[47] Fix | Delete

}

[48] Fix | Delete

[49] Fix | Delete

/**

[50] Fix | Delete

* Encrypt the OAuth token

[51] Fix | Delete

* @param \stdClass $token Serialized token object

[52] Fix | Delete

* @return string

[53] Fix | Delete

*/

[54] Fix | Delete

public function encrypt($token)

[55] Fix | Delete

{

[56] Fix | Delete

[57] Fix | Delete

// Encryption: we always use phpseclib for this

[58] Fix | Delete

global $updraftplus;

[59] Fix | Delete

$ensure_phpseclib = $updraftplus->ensure_phpseclib('Crypt_AES');

[60] Fix | Delete

[61] Fix | Delete

if (is_wp_error($ensure_phpseclib)) {

[62] Fix | Delete

$updraftplus->log("Failed to load phpseclib classes (".$ensure_phpseclib->get_error_code()."): ".$ensure_phpseclib->get_error_message());

[63] Fix | Delete

$updraftplus->log("Failed to load phpseclib classes (".$ensure_phpseclib->get_error_code()."): ".$ensure_phpseclib->get_error_message(), 'error');

[64] Fix | Delete

return false;

[65] Fix | Delete

}

[66] Fix | Delete

[67] Fix | Delete

$updraftplus->ensure_phpseclib('Crypt_Rijndael');

[68] Fix | Delete

[69] Fix | Delete

if (!function_exists('crypt_random_string')) require_once(UPDRAFTPLUS_DIR.'/vendor/phpseclib/phpseclib/phpseclib/Crypt/Random.php');

[70] Fix | Delete

[71] Fix | Delete

$iv = crypt_random_string(self::IV_SIZE);

[72] Fix | Delete

[73] Fix | Delete

// Defaults to CBC mode

[74] Fix | Delete

$rijndael = new Crypt_Rijndael();

[75] Fix | Delete

[76] Fix | Delete

$rijndael->setKey($this->key);

[77] Fix | Delete

[78] Fix | Delete

$rijndael->setIV($iv);

[79] Fix | Delete

[80] Fix | Delete

$cipherText = $rijndael->encrypt($token);

[81] Fix | Delete

[82] Fix | Delete

return base64_encode($iv . $cipherText);

[83] Fix | Delete

}

[84] Fix | Delete

[85] Fix | Delete

/**

[86] Fix | Delete

* Decrypt the ciphertext

[87] Fix | Delete

* @param string $cipherText

[88] Fix | Delete

* @return object \stdClass Unserialized token

[89] Fix | Delete

*/

[90] Fix | Delete

public function decrypt($cipherText)

[91] Fix | Delete

{

[92] Fix | Delete

[93] Fix | Delete

// Decryption: prefer mcrypt, if available (since it can decrypt data encrypted by either mcrypt or phpseclib)

[94] Fix | Delete

[95] Fix | Delete

$cipherText = base64_decode($cipherText);

[96] Fix | Delete

$iv = substr($cipherText, 0, self::IV_SIZE);

[97] Fix | Delete

$cipherText = substr($cipherText, self::IV_SIZE);

[98] Fix | Delete

[99] Fix | Delete

if (function_exists('mcrypt_decrypt')) {

[100] Fix | Delete

// @codingStandardsIgnoreLine

[101] Fix | Delete

$token = @mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $cipherText, MCRYPT_MODE_CBC, $iv);

[102] Fix | Delete

} else {

[103] Fix | Delete

global $updraftplus;

[104] Fix | Delete

$updraftplus->ensure_phpseclib('Crypt_Rijndael');

[105] Fix | Delete

[106] Fix | Delete

$rijndael = new Crypt_Rijndael();

[107] Fix | Delete

$rijndael->setKey($this->key);

[108] Fix | Delete

$rijndael->setIV($iv);

[109] Fix | Delete

$token = $rijndael->decrypt($cipherText);

[110] Fix | Delete

}

[111] Fix | Delete

[112] Fix | Delete

return $token;

[113] Fix | Delete

}

[114] Fix | Delete

}

[115] Fix | Delete

[116] Fix | Delete